apify-actorization
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script from Apify's official domain (
apify.com/install-cli.sh) using a piped-to-bash command pattern. While originating from a well-known service, it remains a remote code execution vector. - [REMOTE_CODE_EXECUTION]: Recommends downloading and executing a bootstrap script for the 'ubi' tool from a third-party GitHub repository (
houseabsolute/ubi) within a Dockerfile configuration template. - [COMMAND_EXECUTION]: Requires the execution of various CLI commands for environment setup, project initialization, local testing, and deployment, including
apify init,apify run, andapify push. - [EXTERNAL_DOWNLOADS]: Orchestrates the installation of several external packages from public registries, including the
apifySDK for JavaScript and Python, and theapify-clitool. - [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill is designed to analyze and summarize external project files to generate code wrappers.
- Ingestion points: Processes project files such as source code, entry points, and configuration files to understand project structure.
- Boundary markers: No specific boundary markers or isolation instructions are provided to separate untrusted project content from the agent's internal instructions.
- Capability inventory: The skill allows for writing new configuration files and executing shell commands based on the analysis of these project files.
- Sanitization: There is no evidence of content validation or sanitization before the project data is used to inform code generation or command execution.
Recommendations
- HIGH: Downloads and executes remote code from: https://apify.com/install-cli.sh - DO NOT USE without thorough review
Audit Metadata